I have just installed freeradius on debian 5. I run a mail server with combination of postifix,courier and sqwebmail. I want to authenticate mail users through freeradius, i dont know how to go about it. can anyone assit.
Regards, Philly ________________________________ From: Hugh Blandford <[email protected]> To: FreeRadius users mailing list <[email protected]> Sent: Tue, November 2, 2010 7:16:21 AM Subject: Re: LDAP Groups Thank you Peter for your email. I hadn't come across them in the list search. On 2/11/2010 14:16, Alan DeKok wrote: > Hugh Blandford wrote: > >> would mean you could add the attribute radiusGroupName to a user's entry >> and it would then look up the relevant GroupofNames and add those >> attributes to the return items. However, when I add radiusGroupName to >> a user's entry I don't see any groupname lookups in the debug at all. > No. The documentation does not say it works that way. > When using the following sort of DEFAULT entry: Ldap-Group == flat10000, User-Profile := "uid=flat10000,ou=profiles,ou=radius,ou=wl,dc=example,dc=org" there is no relevance to groupmembership_attribute = radiusGroupName Reading the rlm_ldap document. I thought that the groupmembership_attribute was specified in the user entry which was then used to fetch the group information. # groupmembership_attribute: The attribute in the user entry that states # the group the user belongs to. The attribute can either contain the # group name or the group DN. If it contains the group DN # groupmembership_attribute will also be used to find the group's name. # The attribute will be used after a search based on the # groupname_attribute and groupmembership_filter has failed. default: # NULL - don't search for a group based on attributes in the user entry. Alan I'm not saying you are wrong :-) more I don't understand under what circumstances / how it is used. I do not see any group searching done in the debugs unless I specify an LDAP-Group entry in the users file. I thought that with groupmembership_attribute = radiusGroupName set and an entry like radiusGroupName = disabled or cn=disabled,ou=............. etc in a user entry it would return additional attributes listed in the disabled group. >> What I actually want to do is might not be solved best by LDAP groups. >> Most of our customers are in different VRFs and this, the loopback >> address and DNS servers etc are returned. Rather than store this >> information under each user I would like to have template that I refer >> to. However, at the same time, having 50+ default entries didn't seem >> the right way to do it either. > That's what groups are for. Is it sensible to have 50 or so DEFAULT LDAP-Group entries? Or does that show that I have totally failed in understanding what/how FreeRADIUS should be used. Thanks for your help. Hugh -- Hugh Blandford Island Internet ph 1300 130 428 mb 0412 016 875 - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
- List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
